Underground: Hacking, madness and obsession on the electronic frontier - Suelette Dreyfus

The X.25 networks were controlled by a few very large players, companies such as Telenet and Tymnet, while the modern Internet is, by contrast, a fragmented collection of many small and medium-sized sites.

Altos unified the international hacking world as nothing else had done. In sharing information about their own countries' computers and networks, hackers helped each other venture further and further abroad. The Australians had gained quite a reputation on Altos. They knew their stuff. More importantly, they possessed DEFCON, a program which mapped out uncharted networks and scanned for accounts on systems within them. Force wrote DEFCON based on a simple automatic scanning program provided by his friend and mentor, Craig Bowen (Thunderbird1).

Like the telephone system, the X.25 networks had a large number of `phone numbers', called network user addresses (NUAs). Most were not valid. They simply hadn't been assigned to anyone yet. To break into computers on the network, you had to find them first, which meant either hearing about a particular system from a fellow hacker or scanning. Scanning—typing in one possible address after another—was worse than looking for a needle in a haystack. 02624-589004-0004. Then increasing the last digit by one on each attempt. 0005. 0006. 0007. Until you hit a machine at the other end.

Back in 1987 or early 1988, Force had logged into Pacific Island for a talk with Craig Bowen. Force bemoaned the tediousness of hand scanning.

`Well, why the hell are you doing it manually?' Bowen responded. `You should just use my program.' He then gave Force the source code for his simple automated scanning program, along with instructions.

Force went through the program and decided it would serve as a good launchpad for bigger things, but it had a major limitation. The program could only handle one connection at a time, which meant it could only scan one branch of a network at a time.

Less than three months later, Force had rewritten Bowen's program into the far more powerful DEFCON, which became the jewel in the crown of the Australian hackers' reputation. With DEFCON, a hacker could automatically scan fifteen or twenty network addresses simultaneously. He could command the computer to map out pieces of the Belgian, British and Greek X.25 communications networks, looking for computers hanging off the networks like buds at the tips of tree branches.

Conceptually, the difference was a little like using a basic PC, which can only run one program at a time, as opposed to operating a more sophisticated one where you can open many windows with different programs running all at once. Even though you might only be working in one window, say, writing a letter, the computer might be doing calculations in a spreadsheet in another window in the background. You can swap between different functions, which are all running in the background simultaneously.

While DEFCON was busy scanning, Force could do other things, such as talk on Altos. He continued improving DEFCON, writing up to four more versions of the program. Before long, DEFCON didn't just scan twenty different connections at one time; it also automatically tried to break into all the computers it found through those connections. Though the program only tried basic default passwords, it had a fair degree of success, since it could attack so many network addresses at once. Further, new sites and mini-networks were being added so quickly that security often fell by the wayside in the rush to join in. Since the addresses were unpublished, companies often felt this obscurity offered enough protection.

DEFCON produced lists of thousands of computer sites to raid. Force would leave it scanning from a hacked Prime computer, and a day or two later he would have an output file with 6000 addresses on different networks. He perused the list and selected sites which caught his attention. If his program had discovered an interesting address, he would travel over the X.25 network to the site and then try to break into the computer at that address. Alternatively, DEFCON might have already successfully penetrated the machine using a default password, in which case the address, account name and password would all be waiting for Force in the log file. He could just walk right in.